Kennedy, a two-time Wash100 awardee, wrote in a commentary posted Tuesday on Fortune that such policies could guide information technology teams as they work to detect malicious access attempts and determine restricted network areas that should not be accessed by employees.
“Employees should also be trained and reminded about risky online work behaviors, and how their actions could impact the company,“ he added.
He called on organizations to adopt a user-centric cybersecurity approach that facilitates the use of artificial intelligence and other technology platforms that could facilitate early detection of insider threats.
“These programs flag aberrant user behaviors, such as stockpiling documents or sudden changes in the way an employee types on a keyboard, which could indicate that someone has hijacked their credentials,“ Kennedy said of those technologies.
He also discussed FBI's investigation into a cyber theft case and the use of “steganographic exfiltration“ and other types of sophisticated cyber tactics to steal IP of companies.